
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

"use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.ImportedRole = void 0;

const core_1 = require("../../../core");
const cx_api_1 = require("../../../cx-api");
const grant_1 = require("../grant");
const policy_1 = require("../policy");
const principals_1 = require("../principals");
const util_1 = require("../util");

/**
 * Role construct built from a role ARN and role name supplied in `props`.
 *
 * Nothing in this class creates the role or touches its trust policy; it only
 * records the ARN/name, exposes the role as a grant principal, and manages an
 * optional inline default policy attached to it.
 */
class ImportedRole extends core_1.Resource {
  /**
   * @param scope parent construct
   * @param id construct id
   * @param props reads `account`, `roleArn`, `roleName` and `defaultPolicyName`
   */
  constructor(scope, id, props) {
    // The resource environment is pinned to the account given in props, which
    // is what attachInlinePolicy() later compares a policy's account against.
    super(scope, id, { account: props.account });

    this.grantPrincipal = this;
    this.assumeRoleAction = "sts:AssumeRole";
    this.attachedPolicies = new util_1.AttachedPolicies();
    this.roleArn = props.roleArn;
    this.roleName = props.roleName;
    this.policyFragment = new principals_1.ArnPrincipal(this.roleArn).policyFragment;
    this.defaultPolicyName = props.defaultPolicyName;
    this.principalAccount = props.account;
  }

  /**
   * Adds a statement to the default policy.
   *
   * @param statement policy statement to add
   * @returns the `statementAdded` flag reported by addToPrincipalPolicy()
   */
  addToPolicy(statement) {
    const outcome = this.addToPrincipalPolicy(statement);
    return outcome.statementAdded;
  }

  /**
   * Adds a statement to the default policy, creating that policy on first use.
   *
   * When the IAM_IMPORTED_ROLE_STACK_SAFE_DEFAULT_POLICY_NAME feature flag is
   * enabled, the fallback name gets a `Names.uniqueId(this)` suffix and the
   * chosen name is also passed to the Policy as `policyName`; otherwise the
   * fallback is the fixed string "Policy" and no props are passed.
   * An explicit `defaultPolicyName` from props takes precedence over either
   * fallback.
   *
   * NOTE(review): `statementAdded` is always reported as true, including when
   * attachInlinePolicy() skipped the attachment because the account comparison
   * came back as different. Callers that rely on this flag to decide whether a
   * permission is in place should confirm cross-account roles are handled
   * before this class is reached.
   *
   * @param statement policy statement to add
   * @returns `{ statementAdded, policyDependable }`
   */
  addToPrincipalPolicy(statement) {
    if (!this.defaultPolicy) {
      const stackSafeName = core_1.FeatureFlags.of(this).isEnabled(
        cx_api_1.IAM_IMPORTED_ROLE_STACK_SAFE_DEFAULT_POLICY_NAME,
      );

      let fallbackName = "Policy";
      if (stackSafeName) {
        fallbackName = `Policy${core_1.Names.uniqueId(this)}`;
      }

      const resolvedName = this.defaultPolicyName ?? fallbackName;
      const policyProps = stackSafeName ? { policyName: resolvedName } : undefined;

      this.defaultPolicy = new policy_1.Policy(this, resolvedName, policyProps);
      this.attachInlinePolicy(this.defaultPolicy);
    }

    this.defaultPolicy.addStatements(statement);

    return {
      statementAdded: true,
      policyDependable: this.defaultPolicy,
    };
  }

  /**
   * Attaches an inline policy to this role, but only when the role's account
   * and the policy's account compare as SAME, BOTH_UNRESOLVED or
   * ONE_UNRESOLVED. Any other comparison result is a silent no-op: no
   * attachment, no warning, no error.
   *
   * @param policy policy to attach
   */
  attachInlinePolicy(policy) {
    const accountMatch = core_1.Token.compareStrings(this.env.account, policy.env.account);

    if (
      accountMatch !== core_1.TokenComparison.SAME &&
      accountMatch !== core_1.TokenComparison.BOTH_UNRESOLVED &&
      accountMatch !== core_1.TokenComparison.ONE_UNRESOLVED
    ) {
      return;
    }

    this.attachedPolicies.attach(policy);
    policy.attachToRole(this);
  }

  /**
   * Does NOT attach the managed policy; it only records a warning annotation
   * naming the policy ARN and the role name. Permissions expected from the
   * managed policy therefore have to be provided some other way.
   *
   * @param policy managed policy that was requested
   */
  addManagedPolicy(policy) {
    const annotations = core_1.Annotations.of(this);
    annotations.addWarning(`Not adding managed policy: ${policy.managedPolicyArn} to imported role: ${this.roleName}`);
  }

  /**
   * Grants `iam:PassRole` on this role's ARN to the given identity.
   *
   * @param identity principal receiving the permission
   * @returns the result of grant()
   */
  grantPassRole(identity) {
    return this.grant(identity, "iam:PassRole");
  }

  /**
   * Grants `sts:AssumeRole` on this role's ARN to the given identity.
   * This adds to the identity's own policy only; nothing here edits the
   * role's trust policy.
   *
   * @param identity principal receiving the permission
   * @returns the result of grant()
   */
  grantAssumeRole(identity) {
    return this.grant(identity, "sts:AssumeRole");
  }

  /**
   * Grants the listed actions to the grantee's principal policy, scoped to
   * this role's ARN as the only resource.
   *
   * @param grantee principal receiving the permissions
   * @param actions IAM action names
   * @returns the Grant produced by Grant.addToPrincipal()
   */
  grant(grantee, ...actions) {
    const grantOptions = {
      grantee,
      actions,
      resourceArns: [this.roleArn],
      scope: this,
    };
    return grant_1.Grant.addToPrincipal(grantOptions);
  }

  /**
   * @returns a string key derived from the role ARN, prefixed with the class name
   */
  dedupeString() {
    return `ImportedRole:${this.roleArn}`;
  }
}

exports.ImportedRole = ImportedRole;